Social Engineering - Introduction

Social Engineering

Introduction

Social engineering is the process by which an attacker exploits a victim’s emotions to get the victim to do what the attacker wants. To do this, attackers use mental triggers that exploit emotions and control the victim, such as invoking authority to get a company employee to do something quickly and without question.

Attack Process

I’ve created an image that tries to illustrate the process of a social engineering attack in a superficial way (below). The attacker sends an email to the employee, who opens it. While reading it, the employee becomes afraid: the email appears to be an order, written in an arrogant and hurried tone, from a director who asks the employee to open the link in the message and fill in a form quickly, because the director is in an important meeting and needs the information at that moment.

[Figure: Social Engineering Process]

How to Avoid

We are all subject to social engineering attacks: without security awareness, it is very difficult to control your emotions in situations like these, especially on busy days. Below are some ways to avoid social engineering attacks:

  • Individuals
    • Keep calm.
    • Check the email/number that sent the message.
    • Don’t click on unknown links.
    • Do not pass on confidential information.
    • Ask someone else who understands the subject if in doubt.
    • Attend security awareness training.
    • And others.
  • Companies
    • Conduct security awareness training with employees.
    • Use defense technologies.
    • And others.
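
The sender and link checks from the list above, applied to the director email described under Attack Process, as a small mail triage function a company could run as one of its defense technologies. This is an added example, not part of the original post; the company domain, the director's name, the keyword list and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Assumptions for this example (not from the original post):
COMPANY_DOMAIN = "example.com"          # hypothetical company mail domain
EXECUTIVES = {"maria souza"}            # hypothetical director display names
URGENCY = re.compile(r"\b(urgent|immediately|right now|quickly|asap)\b", re.I)
LINK = re.compile(r"https?://([^/\s]+)", re.I)

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def triage(raw_email):
    """Return a list of warning strings for one raw, single-part message."""
    msg = message_from_string(raw_email)
    name, _ = parseaddr(msg.get("From", ""))
    from_dom, reply_dom = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    body = msg.get_payload()
    flags = []
    # A director's name on an address outside the company domain.
    if name.strip().lower() in EXECUTIVES and from_dom != COMPANY_DOMAIN:
        flags.append("executive display name on external address")
    # Replies would go somewhere other than the apparent sender.
    if reply_dom and reply_dom != from_dom:
        flags.append("Reply-To domain differs from From domain")
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        flags.append("urgent or pressuring language")
    for host in LINK.findall(body):
        host = host.lower().split(":")[0]
        if host != COMPANY_DOMAIN and not host.endswith("." + COMPANY_DOMAIN):
            flags.append("link to external host: " + host)
    return flags

# Constructed sample messages (not real traffic).
SUSPICIOUS = """From: "Maria Souza" <maria.souza@example.net>
Reply-To: director.office@example.org
To: employee@example.com
Subject: URGENT - need this now

I am in an important meeting. Fill in this form quickly: http://forms.example.net/hr
"""
LEGITIMATE = """From: "Maria Souza" <maria.souza@example.com>
To: employee@example.com
Subject: Agenda for Thursday

The agenda is at https://intranet.example.com/agenda
"""
print(triage(SUSPICIOUS), triage(LEGITIMATE))
```

A flagged message is a prompt to verify the request through another channel, not proof of an attack; an unflagged one is not proof of safety.
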
This post is licensed under CC BY 4.0 by the author.